GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,809
Erlang: 36
GitHub Actions: 31
Go: 2,393
Maven: 5,000+
npm: 4,026
NuGet: 720
pip: 3,818
Pub: 12
RubyGems: 932
Rust: 988
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
12,203 advisories
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This...
Low • Unreviewed • CVE-2025-6643 was published Jun 26, 2025

PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This...
Low • Unreviewed • CVE-2025-6646 was published Jun 26, 2025

Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected...
Low • Unreviewed • CVE-2025-49549 was published Jun 26, 2025

Vault Community Edition rekey and recovery key operations can cause denial of service
Low • CVE-2025-4656 was published for github.com/hashicorp/vault (Go) Jun 26, 2025

Successful exploitation of the vulnerability could allow an attacker to intercept data and...
Low • Unreviewed • CVE-2025-48463 was published Jun 26, 2025

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus...
Low • Unreviewed • CVE-2025-6534 was published Jun 26, 2025

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611...
Low • Unreviewed • CVE-2025-6526 was published Jun 26, 2025

A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611....
Low • Unreviewed • CVE-2025-6527 was published Jun 26, 2025

Incus Allocation of Resources Without Limits allows firewall rule bypass on managed bridge networks
Low • CVE-2025-52889 was published for github.com/lxc/incus/v6 (Go) Jun 26, 2025

XXL SSO is vulnerable to an Open Redirect through malicious manipulation of the redirect_url argument
Low • CVE-2025-6701 was published for com.xuxueli:xxl-sso (Maven) Jun 26, 2025

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18...
Low • Unreviewed • CVE-2025-2938 was published Jun 26, 2025

An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0...
Low • Unreviewed • CVE-2025-5846 was published Jun 26, 2025

Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode
Low • CVE-2025-6624 was published for github.com/snyk/go-application-framework (Go) Jun 26, 2025

RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
Low • CVE-2025-52884 was published for risc0-ethereum-contracts (Rust) Jun 25, 2025

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects...
Low • Unreviewed • CVE-2025-6524 was published Jun 23, 2025

pyspur Incomplete Filtering of Special Elements allowed by SingleLLMCallNode function
Low • CVE-2025-6518 was published for pyspur (pip) Jun 23, 2025

PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure...
Low • Unreviewed • CVE-2025-6217 was published Jun 23, 2025

ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing...
Low • Unreviewed • CVE-2025-52969 was published Jun 23, 2025

kubernetes allows nodes to bypass dynamic resource allocation authorization checks
Low • CVE-2025-4563 was published for k8s.io/kubernetes (Go) Jun 23, 2025

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which...
Low • Unreviewed • CVE-2025-52968 was published Jun 23, 2025

Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This...
Low • Unreviewed • CVE-2025-52937 was published Jun 23, 2025

spytrap-adb Omission of Security-relevant Information
Low • CVE-2025-52926 was published for spytrap-adb (Rust) Jun 23, 2025

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow
Low • CVE-2025-6494 was published for nokogiri (RubyGems) Jun 23, 2025 • withdrawn

sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow
Low • CVE-2025-6490 was published for nokogiri (RubyGems) Jun 22, 2025 • withdrawn

Yealink YMCS RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force...
Low • Unreviewed • CVE-2025-52916 was published Jun 22, 2025
ProTip! Advisories are also available from the GraphQL API